HELP please daughters HJT

Reply

Join Date: Oct 2004
Posts: 59
Reputation: joal is an unknown quantity at this point 
Solved Threads: 0
joal joal is offline Offline
Junior Poster in Training

HELP please daughters HJT

 
0
  #1
Jan 14th, 2007
Logfile of HijackThis v1.99.1
Scan saved at 2:44:28 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\AOL\1150805530\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SVRemote\USB20Remote.exe
c:\program files\common files\aol\1150805530\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1150805530\ee\aolsoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\InterVideo\WinDVR3\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\My Documents\hijackthis\HijackThis.exe

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150805530\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\USB20Remote.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48695F05-F8B6-4B05-9453-5133E0B61983}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Reply With Quote Quick reply to this message  
Join Date: Sep 2006
Posts: 327
Reputation: Colin Mac is on a distinguished road 
Solved Threads: 22
Colin Mac Colin Mac is offline Offline
Posting Whiz

Re: HELP please daughters HJT

 
0
  #2
Jan 14th, 2007
Download http://www.ccleaner.com/

Start CCleaner.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours".
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit.

Find your hijackthis.exe here
C:\Documents and Settings\HP_Administrator\My Documents\hijackthis\HijackThis.exe

and rename it to scan.exe

Then post a new Hijackthis log
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 59
Reputation: joal is an unknown quantity at this point 
Solved Threads: 0
joal joal is offline Offline
Junior Poster in Training

Re: HELP please daughters HJT

 
0
  #3
Jan 16th, 2007
thank you
Logfile of HijackThis v1.99.1
Scan saved at 7:09:31 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1150805530\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SVRemote\USB20Remote.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1150805530\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1150805530\ee\aolsoftware.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\InterVideo\WinDVR3\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\My Documents\scan.exe\scan.exe.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150805530\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SVRemote] c:\Program Files\SVRemote\USB20Remote.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48695F05-F8B6-4B05-9453-5133E0B61983}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Reply With Quote Quick reply to this message  
Join Date: Sep 2006
Posts: 327
Reputation: Colin Mac is on a distinguished road 
Solved Threads: 22
Colin Mac Colin Mac is offline Offline
Posting Whiz

Re: HELP please daughters HJT

 
0
  #4
Jan 18th, 2007
Nothing bad showing in that log either so we'll take a closer look.

Firstly, your version of Java is outdated.
Click here http://java.sun.com/javase/downloads/index.jsp
to download Java Runtime Environment (JRE) 6.
Install it after it's downloaded and then go to Add/remove programs and remove any previous versions of the Java runtime environment.

Next, go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 59
Reputation: joal is an unknown quantity at this point 
Solved Threads: 0
joal joal is offline Offline
Junior Poster in Training

Re: HELP please daughters HJT

 
0
  #5
Feb 3rd, 2007
I found the problem, it was 017 on the HJT log above.
got rid of it and used all utilities to clean
thanks
joal
Reply With Quote Quick reply to this message  
Join Date: Sep 2006
Posts: 327
Reputation: Colin Mac is on a distinguished road 
Solved Threads: 22
Colin Mac Colin Mac is offline Offline
Posting Whiz

Re: HELP please daughters HJT

 
0
  #6
Feb 4th, 2007
It was not the 017 in the log above, actually.
http://ws.arin.net/whois
Last edited by Colin Mac; Feb 4th, 2007 at 10:14 am.
Reply With Quote Quick reply to this message  
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: HELP please daughters HJT

 
0
  #7
Feb 5th, 2007
OrgName: America Online, Inc
OrgID: AMERIC-59
Address: 22080 Pacific Blvd
..they don't do viruses or trojans there, but the link may be slow.... is it a search engine?
Last edited by gerbil; Feb 5th, 2007 at 11:28 pm.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum


Views: 2651 | Replies: 6
Thread Tools Search this Thread



Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit explorer facebook fake fancheckvirus firefox gaming gumblar hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile news norton obama panel parents patch pc phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus rootkit scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system threat trojan unwanted update usa virus viruses vista volume warning web windows worm zero-day
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC